A Journey To Scan AWS Public IP Ranges – 1st Part

Yash Goti

Dec 26, 2022


    Welcome Hackers,

    The cloud is among the most popular and efficient ways to shift IT infrastructure from local hardware to a platform you do not manage yourself, but this kind of offering comes with responsibility, which the cloud provider makes clear upfront, before you or your organization host any kind of application on their infrastructure.

    Ever since our team started talking about cloud security (mostly cloud configuration audits, cloud pentesting, etc.), every IT person we have met in enterprises as well as SMEs is shifting from on-premise infrastructure to the cloud (mostly AWS, Google, Azure), believing that they are secure because cloud providers now have to take care of the security part.

    So let me break it down: AWS says that the infrastructure it provides is definitely secure, but the application is not its responsibility (for further self-study, refer to this link).

    So we were clear that the hosted web applications, mobile applications, APIs, etc. might be vulnerable to something, and that is where we started to take it to the next level to find an entry point.

    Now we were wondering how we should gather all the public IPs of AWS to get started, and we found out that AWS itself provides the CIDRs of all publicly hosted server IPs, for services such as Lightsail, EC2, etc.

    Please refer to this link to get those CIDRs.

    The first thing I needed to do was CIDR-to-IP mapping, and here ProjectDiscovery came to mind, along with mapcidr, a tool powered by ProjectDiscovery.

    We started mapping with the simple command mapcidr -cidr -silent
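
The CIDR-to-IP mapping step described above, written with Python's standard library as an added example (not code from the original post or from mapcidr). The key names `prefixes`, `ip_prefix`, `service` and `region` are assumed to match the published ranges document, the sample data is constructed from documentation-reserved networks, and the function names are hypothetical.

```python
import ipaddress
import json
from itertools import islice

# Constructed sample in the assumed shape of the published ranges document
# (documentation-reserved networks, not real AWS prefixes).
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/26",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.64/26",   "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/30", "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/29",  "region": "eu-west-1", "service": "S3"}
]}
""")


def select_cidrs(doc, service=None, region=None):
    """Return collapsed IPv4 networks matching the optional filters."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if (service is None or p["service"] == service)
        and (region is None or p["region"] == region)
    ]
    # The same block can be listed under more than one service, and adjacent
    # blocks can be merged; collapsing avoids emitting an address twice.
    return list(ipaddress.collapse_addresses(nets))


def address_count(nets):
    """Size of the expansion, computed without materialising it."""
    return sum(n.num_addresses for n in nets)


def expand(nets):
    """Lazily yield every address in each network (the CIDR-to-IP step)."""
    for net in nets:
        for addr in net:
            yield str(addr)


if __name__ == "__main__":
    ec2 = select_cidrs(SAMPLE, service="EC2")
    print([str(n) for n in ec2], address_count(ec2))
    print(list(islice(expand(ec2), 3)))
```

Checking `address_count` before calling `expand` shows how large the output will be, and the generator keeps memory flat when the ranges are large.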

    We’ll cover the next part of this journey later. Till then, stay tuned and ping us if anything comes to mind.

    Yash Goti, Co-Founder & COO

    Yash Goti, Certbar’s Co-Founder & CEO, excels in Client Relations, Business Development, and IT leadership. With 5+ years’ experience, he’s a financial services expert, ISO 27001 Auditor, and dynamic presenter in cybersecurity.